The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants (Ars Technica, Apr 07 2021)
The ransomware, known as Cring, came to public attention in a January blog post. It takes hold of networks by exploiting long-patched vulnerabilities in VPNs sold by Fortinet. Tracked as CVE-2018-13379, the directory traversal vulnerability allows unauthenticated attackers to obtain a session file that contains the username and plaintext password for the VPN.
With an initial toehold, a live Cring operator performs reconnaissance and uses a customized version of the Mimikatz tool in an attempt to extract domain administrator credentials stored in server memory. Eventually, the attackers use the Cobalt Strike framework to install Cring. To mask the attack in progress, the hackers disguise the installation files as security software from Kaspersky Lab or other providers.
2. CISA Launches New Threat Detection Dashboard (Dark Reading, Apr 09 2021)
The tool, called Aviary, is a new dashboard that helps visualize and analyze outputs from CISA’s recently released Sparrow detection tool. Sparrow aims to help network defenders detect possible compromised accounts and applications in Azure and Microsoft 365 environments.
3. Fed Chair Says Cyberattacks Main Risk to US Economy (SecurityWeek, Apr 12 2021)
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. ParkMobile Breach Exposes License Plate Data, Mobile Numbers (Krebs on Security, Apr 12 2021)
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
5. Joker Android Trojan Lands in Huawei AppGallery App Store (SecurityWeek, Apr 12 2021)
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.
6. Cybersecurity Firm Darktrace Plans London Stock-Market Listing (Bloomberg, Apr 12 2021)
The IPO is expected to value the company at about $3 billion to $4 billion, a person familiar with the matter said.
*Cloud Security, DevOps, AppSec*
7. Zerodium Offering $300,000 for WordPress Exploits (SecurityWeek, Apr 12 2021)
Exploit acquisition company Zerodium announced last week that it’s temporarily offering $300,000 for high-impact WordPress exploits.
8. Reddit takes bug bounty program public (SC Media, Apr 14 2021)
Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure. “We’ve seen…
9. $200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own (SecurityWeek, Apr 08 2021)
Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.
*Identity Mgt & Web Fraud*
10. LinkedIn 500M profiles, maintains incident was not a breach (SC Media, Apr 09 2021)
LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing social engineering attacks.
11. Digital artists meet scam artists, as criminals pounce on NFT craze (SC Media, Apr 08 2021)
Criminals are standing up fraudulent NFT-themed websites that sell nonexistent items or phish users’ credentials.
12. Lawsuit: Man suffered ‘great harm’ after wrongful arrest based on Detroit’s facial recognition technology (The Detroit News, Apr 14 2021)
Lawsuit the latest in string of controversies surrounding Detroit police use of the software
13. FBI removes web shells from hacked Microsoft Exchange servers (Help Net Security, Apr 14 2021)
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access. Web shells are pieces of code or scripts that enable remote administration.
14. CISA Details Malware Found on Hacked Exchange Servers (SecurityWeek, Apr 13 2021)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.
15. More Biden Cybersecurity Nominations (Schneier on Security, Apr 13 2021)
“President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD).
I know them both, and think they’re both good choices.”